The September 2020 Microsoft patches

[woody]

The patches are out. I see 189 new entries in the Microsoft Update Catalog, plus 23 Intel microcode updates that were released last week. Stay tuned..
[See the full post at: The September 2020 Microsoft patches]

5 users thanked author for this post.

abbodi86, scooby, geekdom, Fred, Microfix

[PKCano]

AKB 2000003 has been updated for Group B Win7 (ESU) and Win8.1 on September 8, 2020.

There are Security-only and IE11 Cumulative Updates for those with Win7 ESU subscriptions.
September Rollup KB4577051 Download 32-bit or 64-bit for those with Win7 ESU subscriptions.
You must have August Servicing Stack KB4570673 previously installed to receive these updates)

There is no new  September Servicing Stack at this time for those with Win7 ESU subscriptions.

For those of you attempting to install Win7 updates for .NET 4.5.2 and later (patches with the .exe extension), see post #2287984 . Also see #2294972.

There is a revised Licensing Preparation Package KB4575903 dated 7/29/2020 for Win7 ESU subscriptions, if you need it.

9 users thanked author for this post.

RTEsysadmin, SueW, abbodi86, jburk07, DrBonzo, scooby, woody, gkarasik, Microfix

[BobT]

@PKCano Windows 7 Sep Security Only (KB4577053) is incorrectly listed as KB4377053 in AKB2000003.

Just needs the 3 correcting to a 5.

1 user thanked author for this post.

PKCano

[Microfix]

kb4566371 x64/x86 DST changes yukon/canada for Win7 ESU also and…no SSU this month!

Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L

1 user thanked author for this post.

DrBonzo

[Moonbear]

Is the absence of an SSU patch a good thing or a bad thing?

1 user thanked author for this post.

gkarasik

[Microfix]

less hassle but generally..neither, MSFT must feel confident the most recent service stack is fit for purpose this month.

Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L

1 user thanked author for this post.

Moonbear

[gkarasik]

As there’s no new Servicing Stack update for this month, do we have to manually install the one from last month?

GaryK

• This reply was modified 1 week, 5 days ago by gkarasik.

[Microfix]

Not if you already have it installed

Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L

2 users thanked author for this post.

RTEsysadmin, gkarasik

[DrBonzo]

A minor note: according to the support page for KB4566371 (DST Yukon), this KB is included in the September Rollup for Win 8.1, KB4577066. (The DST Yukon patch also applies to some other versions of Windows, see the support page link below).

https://support.microsoft.com/en-us/help/4566371/dst-changes-in-windows-for-yukon-canada

[Coldheart9020]

Windows 10 Pro 1909 x64 – I have been offered KB4574727 (2020-09 CU), KB4576484 (2020-09 .NET CU) as well as KB890830, the now-quarterly Malicious Software Removal Tool.

I have manually downloaded the MSRT standalone .msu from the Update Catalog, but have yet to run and install it.

[PKCano]

It is OK to install MSRT through Windows Update.

2 users thanked author for this post.

Coldheart9020, woody

[Coldheart9020]

That’s how I’ve installed MSRT in the past, but installing it manually via the catalog will allow me to hold off on the two other updates from WU – without first hiding them – until MS-DEFCON 3 or higher.

1 user thanked author for this post.

RTEsysadmin

[PKCano]

There is no rush to install MSRT. It can wait with the rest of the updates.

2 users thanked author for this post.

RTEsysadmin, Coldheart9020

[anonymous]

cve-2020-0922 Looks quite critical
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0922

Do all the Intel updates come via Windows Update?

[EP]

only if you have an affected Intel CPU

but sometimes these Intel microcode updates from MS can be pushed to AMD users – so AMD users may need to use wushowhide.diagcab to hide/block those kinds of updates

[geekdom]

Windows 1909 TestBeta
September 8, 2020

Checked for updates with WUmgr:

• Windows Malicious Software Removal Tool x64 – v5.83 (KB890830)
• 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 for x64 (KB4576484)
• 2020-09 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4574727)

Installed updates from Windows Update in order shown installed:

• 2020-09 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4574727)
• Windows Malicious Software Removal Tool x64 – v5.83 (KB890830)
• 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 for x64 (KB4576484)

I was prompted to reboot, so I rebooted without error, and checked for updates again using Windows Updates.

• There were no updates pending.
• 2020-09 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4574727) showed installed.
• 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 for x64 (KB4576484) showed installed.

Under WUMgr, all three updates showed installed:

• Windows Malicious Software Removal Tool x64 – v5.83 (KB890830)
• 2020-09 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1909 for x64 (KB4576484)
• 2020-09 Cumulative Update for Windows 10 Version 1909 for x64-based Systems (KB4574727)

G{ot backup} TestBeta
offline▸ Win10Pro 1909.18363.959 x64 i3-3220 RAM8GB HDD Firefox79.0 WindowsDefender
online▸ Win10Pro 1909.18363.1082 x64 i5-9400 RAM16GB HDD Firefox81.0 WindowsDefender
TargetReleaseVersion=1909
WUMgr

4 users thanked author for this post.

RTEsysadmin, CraigS26, Coldheart9020, jburk07

[anonymous]

Hi @geekdom, thanks for your early report but did you encounter any problem with Windows Explorer/Start Menu/Search as reported at the following Reddit thread :

https://www.reddit.com/r/Windows10/comments/ioxn7d/cumulative_updates_september_8th_2020/g4idb0i/?utm_source=reddit&utm_medium=web2x&context=3

Cheers.

[geekdom]

Short form: No problems.

G{ot backup} TestBeta
offline▸ Win10Pro 1909.18363.959 x64 i3-3220 RAM8GB HDD Firefox79.0 WindowsDefender
online▸ Win10Pro 1909.18363.1082 x64 i5-9400 RAM16GB HDD Firefox81.0 WindowsDefender
TargetReleaseVersion=1909
WUMgr

[jayinalaska]

According to this article at bleepingcomputer.com, this month’s servicing stack update (SSU) for Windows 10 will make changes that will allow the SSU to be bundled with cumulative updates (CUs) starting with October’s Windows 10 CU. September’s SSU is the last standalone SSU.

No mention is made (that I saw) whether this change will be made for Windows 8.x or Windows 7.

[anonymous]

That change only affects Windows Server Update Services (WSUS) and Microsoft Catalog, as servicing stack update (SSU) and latest cumulative update (LCU) are already bundled via Windows Update:

Simplifying on-premises deployment of servicing stack updates

1 user thanked author for this post.

abbodi86

[anonymous]

The “bundled SSU” improvement for Microsoft Update Catalog and WSUS or Configuration Manager is explained much better in this ghacks.net article:

Currently, when you are installing updates manually on a Windows 10 system or are using update management solutions such as WSUS or Configuration Manager, you may run into update installation issues if an update depends on a particular Servicing Stack update that is not installed. Windows will quit the installation of the update with the error “update isn’t applicable” and it is up to the system administrator to figure out why it cannot be installed on the device.

Starting in September 2020, and only for Windows 10 version 2004 and Servicing Stack update September 2020, or later, this behavior is a thing of the past. Cumulative updates for Windows 10 will include the Servicing Stack update that the cumulative update requires so that the error should not be thrown anymore.

Microsoft integrates Servicing Stack Updates in Windows 10 cumulative updates

[abbodi86]

The article title is terrible

[Microfix]

Win8.1 Pro x64: Sept 2020 – KB4577066 SMQR installed
(MSRT disabled from WU so I wouldn’t know if there was one available or not)

Post patch checks:
Event viewer – displays no errors/ nothing unusual
Task Scheduler – no changes made to my settings.
Local Printer – Canon PXMA prints fine

Performance/ Data Collector Sets:
Diagtrack – re-enabled via Event Trace Sessions. I have diagtrack removed, better luck next-time 😉
SQMLogger – remained disabled in Startup Event Trace Sessions.
Ran abbodi’s script to eradicate telemetry points, all good.
Should anything go south, it’ll be posted here.

Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L

Attachments:

You must be logged in to access attached files.

4 users thanked author for this post.

RTEsysadmin, abbodi86, jburk07, DrBonzo

[NetDef]

Two articles about a month apart are — to me — revealing a serious (and so far un-announced) vuln in WSUS that’s being mitigated quietly.

 

From August we got this post:

( Microsoft recommends using HTTPS with Windows Server Update Services (WSUS).)

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/security-best-practices-for-windows-server-update-services-wsus/ba-p/1587536

It’s interesting because HTTPS internally has long been considered a best practice, but not enforced in any way should the sysadmins choose to use HTTP between the server and client machines.

Now today we see:

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/changes-to-improve-security-for-windows-devices-scanning-wsus/ba-p/1645547

Referring to this line:  “To ensure that your devices remain inherently secure, we are no longer allowing HTTP-based intranet servers to leverage user proxy by default to detect updates”

My suspicion is high here.  This only makes sense on an internal environment where a bad actor could spoof updates via a software proxy.  And malware proxies are nothing new, but this indicates that perhaps the cert check on updates packages is not as secure as we’ve assumed.

 

~ Group "Weekend" ~

1 user thanked author for this post.

woody

[bbearren]

I got two Defender definition updates earlier this morning, and a third came along for the ride along with

KB890830 Windows Malicious Software Removal Tool x64 – v5.83
KB4571750 Cumulative Update for Windows 10 Version 2004 for x64-based Systems
KB4576478 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004 for x64

No hiccups, O&O ShutUp 10 shows no changes.  A couple of things, though.  My video editing software usually took 3 or 4 seconds to load after acknowledging the UAC prompt, now ~2 seconds.  Also, View update history under Windows Update had a pause before displaying the history, now pops up almost immediately.

So I checked a few more, and all that I’ve tried so far launch noticeably quicker.  Interesting.

Now on Windows 10 Pro Version 2004 (OS Build 19041.508).

Create a fresh drive image before making system changes/Windows updates, in case you need to start over!

"When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns

"Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

Computer Specs

1 user thanked author for this post.

jburk07

[bbearren]

The same updates were pushed overnight to my NAS and Dell Latitude E5420.

No hiccups.

Create a fresh drive image before making system changes/Windows updates, in case you need to start over!

"When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns

"Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

Computer Specs

[Berserker79]

I just noticed the following note added to the KB article of the latest .NET Framework CU released for Windows 10 1809, i.e. KB4576627:

Important

This update is included in the Cumulative Update that’s dated September 8, 2020. Parts of this update were previously released in the Cumulative Update that’s dated August 20, 2020.

Is the “Cumulative Update that’s dated September 8, 2020” supposed to be a reference to the 2020-09 Cumulative update KB4570333 for Version 1809 (KB4570333)? If so, does this mean that by installing KB4570333 there is no need to install KB4576627?

[PKCano]

“B” week updates (Patch Tuesday) are Security updates.
Updates released after Patch Tues (on “C,” “D,” “E,” weeks = “Previews”) contain the non-Security fixes  that will be included in the next “B” week (Patch Tues) update.

So, if you install a Patch Tues Cumulative update, you have installed the previous month’s CU + all the non-security “Previews” released after the last Patch Tues.

Cumulative updates (whether “B” week Security CUs or “C,” “D,” “E,” week  non-Security “Preview” CUs contain the patches from a previous date. The “Previews” just contain the untested fixes to be added to the next month’s CU.

1 user thanked author for this post.

Berserker79

[abbodi86]

.NET 4.x got new security updates, .NET 3.5 Family didn’t

the CU (or Rollup on Win 7/8.1) include both, new September one for 4.x and August one for 3.5

4 users thanked author for this post.

Berserker79, woody, PKCano, Microfix

[Berserker79]

Thanks, now I understand what that “Important” notice it’s talking about! I thought it was talking about the Win10 CU, not the previous .NET CU, my mistake (but I do find the language of that notice a bit too unclear). Anyway, this means that once we have the proper MS-DEFCON level I will install both the Win10 CU KB4570333 and the .NET CU KB4576627.

[anonymous]

Hi,

FYI Feedback on the Cumulative 2020-09 Updates can be seen here:

Reddit: https://www.reddit.com/r/Windows10/comments/ioxn7d/cumulative_updates_september_8th_2020/

Microsoft community Forum:

https://answers.microsoft.com/en-us/windows/forum/all/cumulative-updates-september-2020/0274dd2e-a83f-4de4-be75-c17b45fbcc26

Cheers.

1 user thanked author for this post.

woody

[Microfix]

To exploit the vulnerability, an attacker would first have to log on to the target system and then run a specially crafted application.

Which is hardly a “Remote Code Execution” vulnerability. It’s listed as “Critical.”

ah but! (thinking outside the box) the end-user can be ‘remote code executed’ by telephone scammers putting the user into a false sense of security and allowing/authorising miscreants to access their device so, I’d say it’s critical based on this scenario/assumption.

Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L

1 user thanked author for this post.

Moonbear

[Moonbear]

Especially since it seems like we may never reach a point where people understand that companies like Microsoft or Google will never call you if your computer has an issue.

[Skider86]

The exploit could be posted on a web site easily where someone clicks on it, or even placed in an advertisement…the possibilities are endless so these should be patched ASAP.

[anonymous]

Anyone elses system get a BSOD when trying to shutdown after the update? Mine did, it restarted and seems OK now

[PKCano]

anonymous wrote:

Anyone elses system get a BSOD when trying to shutdown after the update?

“System” meaning Win7, Win8.1, Win10 (vhich version)?
Meaning laptop or desktop?
Which update are you referring to?

[anonymous]

Sorry wasnt very specific.

Win 10 desktop version 1909. Installed the latest Patch Tuesday updates, system rebooted fine and carried on using the PC. Came to shut it down, soon as i pressed shutdoon got the BSOD message, but it was all scrambled. Few seconds later it rebooted back into the desktop.

Never had the issue before on my 6 month old PC, could have been another cause but seems odd it was right after installing the latest round of updates

1 user thanked author for this post.

woody

[PKCano]

If it happens again, see if you can get the error message or the Stop code. So far, we haven’t had any other report of a BSOD, but it’s early in the game after Patch Tuesday.

1 user thanked author for this post.

woody

[anonymous]

Managed to open the dump file of my BSOD after installing the updates. I dont know enough about them to analysis it properly, i will post what i think is relevant here:

SYSTEM_SERVICE_EXCEPTION (3b)

Arg1: 00000000c0000005, Exception code that caused the bugcheck
Arg2: ffffa6e99df4301c, Address of the instruction which caused the bugcheck
Arg3: ffffce005e56f830, Address of the context record for the exception that caused the bugcheck
Arg4: 0000000000000000, zero.

SYMBOL_NAME:  win32kbase!MousePerfSummary::CollectMousePerfTelemetry+8c

MODULE_NAME: win32kbase

IMAGE_NAME:  win32kbase.sys

IMAGE_VERSION:  10.0.18362.1082

STACK_COMMAND:  .cxr 0xffffce005e56f830 ; kb

BUCKET_ID_FUNC_OFFSET:  8c

FAILURE_BUCKET_ID:  0x3B_c0000005_win32kbase!MousePerfSummary::CollectMousePerfTelemetry

OS_VERSION:  10.0.18362.1

BUILDLAB_STR:  19h1_release

OSPLATFORM_TYPE:  x64

OSNAME:  Windows 10

FAILURE_ID_HASH:  {ffe0a877-96ff-baa1-95d7-637af0086417}

MVP Edit: This post pertains to #2295213

1 user thanked author for this post.

woody

[arbrich]

Got 2 users already that are having problems installing the September updates, They both already had 2004 but they get to 84% and 100% and then it is stuck overnight and then backs itself out and throws error. I am pausing them a month and hoping MS fixes issues. The lack of testing they are doing these days is CRIMINAL !!!!! Both machines are older Dell laptops 1 Inspiron 5558  and 1 Lattitude 3440.

 

 

[PKCano]

Do you have any error codes after the rollbacks?
Home or Pro?

[arbrich]

windows update error 0x800f0922

I uninstalled .net and re-installed and tried again with no luck.

 

[CADesertRat]

A question on the .NET patches. In July and Aug. I got the “Preview” .NET patches but no cumulative “regular” ,NET patches. Does this mean that I need to get them from the MS Catalog or are the “Preview” patches all that I need? I haven’t done September as we are at Defcon 2.

Don't take yourself so seriously, no one else does 🙂
4 Win 10 Pro at 1909 (3 Desktops, 1 Laptop).

[Microfix]

1st reported patch casualty in W10 is KB4571756 breaking Windows Subsystem for Linux 2 (WSL 2)

Win8.1 Pro x64 + Linux Hybrids x86/x64 + Win7 Pro x86/64 O/L

1 user thanked author for this post.

woody

[anonymous]

Win 10 Pro 1909 64 bit.  Downloaded SSU KB4576751 and September CU KB4574727 from MS Update Catalog, standalone installed OK, test system stable for 2 days.

[PKCano]

I have updated to Sept. patches, using Rollups and CUs but no Previews, the following with no problems (so far):

3 Win7 Pro & Ultimate (one 32-bit) using @abbodi86 ‘s script
1 Win7 Ultimate EOL (MSRT and Office 2010)
4 Win8.1 Pro (one 32-bit)
2 Win10 Pro v1909
1 Win10 Pro v2004

I can’t say as much for my Win10 Pro Dev Channel Insider Preview which keeps hanging at the second boot on install for EVERY Build after Build 20161.1000  (July 1, 2020). I have tried through Windows Update, from the ISO, and a clean install. Microsoft has broken something in the Dev Channel.
I have no problem installing and updating the Beta Channel Builds 19042.xxx.

[Alex5723]

Win10 version 2004 cumulative update KB 4571756 appears to contain the fix that updates the defrag date, but it doesn’t fix the TRIM command running on hard drives

I haven’t notice before that my internal WD 1TB HDD is a SMR drive with TRIM command.

• This reply was modified 1 week, 1 day ago by Alex5723.

Attachments:

You must be logged in to access attached files.

[WindowsPersister]

Two issues that each occurred immediately after installing a September update.  I eventually installed them all, perhaps unwisely, because of fear about insecurities in Windows.  I have 64-bit Windows 10 Pro 2004, now fully updated, on a desktop.

ISSUE 1:  I installed KB4576478 on 2020-09-10 (.NET Framework 3.5 and 4.8), because it seemed wise to update .NET.  Ever since, I get the blue window ‘Just a moment . . .’ after every login.  It stays there for nearly four minutes, then every is normal.   I have not the slightest idea how to get rid of it, but it is really annoying me and slowing me down.

ISSUE 2:  I installed KB4571756 on 2020-09-13 (the big cumulative update for 2004), in the forlorn hope that this might possibly fix the ‘Just a moment . . .’ problem.  Ever since, I cannot use NordLynx with NordVPN — NordLynx uses WireGuard.  No real worries here, because Nord’s OpenVPN works with no problems, both TCP and UDP, but why the issue with Wireguard?

I can only report.  I leave it to experts to diagnose what caused these issues — and hopefully how I can removed the wretched blue window ‘Just a moment . . .’.

 

[anonymous]

Microsoft’s Knowledge Base article webpages for the Office Updates are still bloated, contain spyware, or something else.  Even though my PC only has 2 GB RAM, it used to be able to open 5 of them in IE11 w/o a problem. Since 2020, it can only handle 2 (Office or Windows Updates) before IE is overloaded. I know RAM is cheap but my business can’t afford it or a new PC.

1 user thanked author for this post.

abbodi86

[EP]

new “preview” updates are out this Wed. Sept. 16:

KB4577062 for 1903/1909:
https://support.microsoft.com/help/4577062/

KB4577069 for 1809:
https://support.microsoft.com/help/4577069/

along with new .NET “preview” updates
KB4576947 for 1903/1909:
https://support.microsoft.com/help/4576947

KB4577324 for 1809 + .NET 3.5/4.72/4.8
https://support.microsoft.com/help/4577324

KB4576946 for 1809 + .NET 3.5/4.8
https://support.microsoft.com/help/4576946

[Author]

Posts